AppSec Blog: Author - Billy Rios

Spot the Vuln - Notes

"The best way to waste your life, ... is by taking notes. The easiest way to avoid living is to just watch. Look for the details. Report. Don't participate." (Chuck Palahniuk)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code …


Spot the Vuln - Percentage - Cross Site Scripting

Details
Affected Software: Sermon Browser WordPress Plugin
Fixed in Version: .44
Issue Type: Cross Site Scripting
Original Code: Found Here

Details: There is a lot going on here in this code snippet. First, let's talk about the patch. The patch adds a check to ensure the requesting user has the rights to edit a post. …


Spot the Vuln - Percentage

"100 per cent of us die, and the percentage cannot be increased." (C.S. Lewis)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security …


Spot the Vuln - Bases - Cross Site Scripting

Details
Affected Software: Ask Apache Password Protect
Fixed in Version: 4.6
Issue Type: Cross Site Scripting
Original Code: Found Here

Details: Pretty straightforward XSS here. On line 150 we see that the author calls print_r on $_SERVER. $_SERVER is full of tainted variables, and print_r will print all of the tainted values, resulting in XSS. The developers …


Spot the Vuln - Bases

"I have only one superstition. Touch all the bases when I hit a home run." (Babe Ruth)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify …